sytkov · November 9, 2012 12:22
diff --git a/gistfile1.sh b/gistfile1.sh
 semanage fcontext -a -t samba_share_t /root/downloads
 chcon -R -t samba_share_t /root/downloads
diff --git a/smb.conf b/smb.conf
 # NOTE: Whenever you modify this file you should run the command "testparm"
 # to check that you have not made any basic syntactic errors.
 #
 #---------------
 # SELINUX NOTES:
 #
 # If you want to use the useradd/groupadd family of binaries please run:
 # setsebool -P samba_domain_controller on
 #
 # If you want to share home directories via samba please run:
 # setsebool -P samba_enable_home_dirs on
 #
 # If you create a new directory you want to share you should mark it as
 # "samba-share_t" so that selinux will let you write into it.
 # Make sure not to do that on system directories as they may already have
 # been marked with othe SELinux labels.
 #
 # Use ls -ldZ /path to see which context a directory has
 #
 # Set labels only on directories you created!
 # To set a label use the following: chcon -t samba_share_t /path
 #
 # If you need to share a system created directory you can use one of the
 # following (read-only/read-write):
 # setsebool -P samba_export_all_ro on
 # or
 # setsebool -P samba_export_all_rw on
 #
 # If you want to run scripts (preexec/root prexec/print command/...) please
 # put them into the /var/lib/samba/scripts directory so that smbd will be
 # allowed to run them.
 # Make sure you COPY them and not MOVE them so that the right SELinux context
 # is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
 #
 #======================= Global Settings =====================================

 [global]
 	workgroup = workgroup
 	security = user
 	idmap uid = 16777216-33554431
 	idmap gid = 16777216-33554431
 ;	template shell = /bin/false
 	winbind use default domain = false
 	winbind offline logon = false

 # ----------------------- Network Related Options -------------------------
 #
 # workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
 #
 # server string is the equivalent of the NT Description field
 #
 # netbios name can be used to specify a server name not tied to the hostname
 #
 # Interfaces lets you configure Samba to use multiple interfaces
 # If you have multiple network interfaces then you can list the ones
 # you want to listen on (never omit localhost)
 #
 # Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
 # specifiy it as a per share option as well
 #
 	server string = Samba Server %v

 ;	netbios name = MYSERVER

 ;	interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
 ;	hosts allow = 127. 192.168.12. 192.168.13.

 # --------------------------- Logging Options -----------------------------
 #
 # Log File let you specify where to put logs and how to split them up.
 #
 # Max Log Size let you specify the max size log files should reach

 	# logs split per machine
 ;	log file = /var/log/samba/%m.log
 	# max 50KB per log file, then rotate
 ;	max log size = 50

 # ----------------------- Standalone Server Options ------------------------
 #
 # Security can be set to user, share(deprecated) or server(deprecated)
 #
 # Backend to store user information in. New installations should
 # use either tdbsam or ldapsam. smbpasswd is available for backwards
 # compatibility. tdbsam requires no further configuration.

 	passdb backend = tdbsam

 # ----------------------- Browser Control Options ----------------------------
 #
 # set local master to no if you don't want Samba to become a master
 # browser on your network. Otherwise the normal election rules apply
 #
 # OS Level determines the precedence of this server in master browser
 # elections. The default value should be reasonable
 #
 # Preferred Master causes Samba to force a local browser election on startup
 # and gives it a slightly higher chance of winning the election
 ;	local master = no
 ;	os level = 33
 ;	preferred master = yes

 #----------------------------- Name Resolution -------------------------------
 # Windows Internet Name Serving Support Section:
 # Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
 #
 # - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
 #
 # - WINS Server: Tells the NMBD components of Samba to be a WINS Client
 #
 # - WINS Proxy: Tells Samba to answer name resolution queries on
 #   behalf of a non WINS capable client, for this to work there must be
 #   at least one	WINS Server on the network. The default is NO.
 #
 # DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
 # via DNS nslookups.

 ;	wins support = yes
 ;	wins server = w.x.y.z
 ;	wins proxy = yes

 ;	dns proxy = yes

 # --------------------------- Printing Options -----------------------------
 #
 # Load Printers let you load automatically the list of printers rather
 # than setting them up individually
 #
 # Cups Options let you pass the cups libs custom options, setting it to raw
 # for example will let you use drivers on your Windows clients
 #
 # Printcap Name let you specify an alternative printcap file
 #
 # You can choose a non default printing system using the Printing option

 ;	load printers = yes
 	cups options = raw

 ;	printcap name = /etc/printcap
 	#obtain list of printers automatically on SystemV
 ;	printcap name = lpstat
 ;	printing = cups

 # --------------------------- Filesystem Options ---------------------------
 #
 # The following options can be uncommented if the filesystem supports
 # Extended Attributes and they are enabled (usually by the mount option
 # user_xattr). Thess options will let the admin store the DOS attributes
 # in an EA and make samba not mess with the permission bits.
 #
 # Note: these options can also be set just per share, setting them in global
 # makes them the default for all shares

 ;	map archive = no
 ;	map hidden = no
 ;	map read only = no
 ;	map system = no
 	username map = /etc/samba/smbusers
 	encrypt passwords = yes
 	guest ok = yes
 ;	guest account = nobody
 ;	store dos attributes = yes

 #============================ Share Definitions ==============================

 [homes]
 	comment = Home Directories
 	browseable = no
 	writable = yes
 	valid users = %S
 ;	valid users = MYDOMAIN\%S

 [printers]
 	comment = All Printers
 	path = /var/spool/samba
 	browseable = no
 ;	guest ok = no
 ;	writable = No
 	printable = yes

 # Un-comment the following to provide a specific roving profile share
 # the default is to use the user's home directory
 ;	[Profiles]
 ;	path = /var/lib/samba/profiles
 ;	browseable = no
 ;	guest ok = yes


 # A publicly accessible directory, but read only, except for people in
 # the "staff" group
 ;	[public]
 ;	comment = Public Stuff
 ;	path = /home/samba
 ;	public = yes
 ;	writable = yes
 ;	printable = no
 ;	write list = +staff

 [downloads]
 	path = /root/downloads
 	writeable = yes
 	browseable = yes
 	valid users = root
 	public = no
	semanage fcontext -a -t samba_share_t /root/downloads
	chcon -R -t samba_share_t /root/downloads
	# NOTE: Whenever you modify this file you should run the command "testparm"
	# to check that you have not made any basic syntactic errors.
	#
	#---------------
	# SELINUX NOTES:
	#
	# If you want to use the useradd/groupadd family of binaries please run:
	# setsebool -P samba_domain_controller on
	#
	# If you want to share home directories via samba please run:
	# setsebool -P samba_enable_home_dirs on
	#
	# If you create a new directory you want to share you should mark it as
	# "samba-share_t" so that selinux will let you write into it.
	# Make sure not to do that on system directories as they may already have
	# been marked with othe SELinux labels.
	#
	# Use ls -ldZ /path to see which context a directory has
	#
	# Set labels only on directories you created!
	# To set a label use the following: chcon -t samba_share_t /path
	#
	# If you need to share a system created directory you can use one of the
	# following (read-only/read-write):
	# setsebool -P samba_export_all_ro on
	# or
	# setsebool -P samba_export_all_rw on
	#
	# If you want to run scripts (preexec/root prexec/print command/...) please
	# put them into the /var/lib/samba/scripts directory so that smbd will be
	# allowed to run them.
	# Make sure you COPY them and not MOVE them so that the right SELinux context
	# is applied, to check all is ok use restorecon -R -v /var/lib/samba/scripts
	#
	#======================= Global Settings =====================================

	[global]
	workgroup = workgroup
	security = user
	idmap uid = 16777216-33554431
	idmap gid = 16777216-33554431
	; template shell = /bin/false
	winbind use default domain = false
	winbind offline logon = false

	# ----------------------- Network Related Options -------------------------
	#
	# workgroup = NT-Domain-Name or Workgroup-Name, eg: MIDEARTH
	#
	# server string is the equivalent of the NT Description field
	#
	# netbios name can be used to specify a server name not tied to the hostname
	#
	# Interfaces lets you configure Samba to use multiple interfaces
	# If you have multiple network interfaces then you can list the ones
	# you want to listen on (never omit localhost)
	#
	# Hosts Allow/Hosts Deny lets you restrict who can connect, and you can
	# specifiy it as a per share option as well
	#
	server string = Samba Server %v

	; netbios name = MYSERVER

	; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24
	; hosts allow = 127. 192.168.12. 192.168.13.

	# --------------------------- Logging Options -----------------------------
	#
	# Log File let you specify where to put logs and how to split them up.
	#
	# Max Log Size let you specify the max size log files should reach

	# logs split per machine
	; log file = /var/log/samba/%m.log
	# max 50KB per log file, then rotate
	; max log size = 50

	# ----------------------- Standalone Server Options ------------------------
	#
	# Security can be set to user, share(deprecated) or server(deprecated)
	#
	# Backend to store user information in. New installations should
	# use either tdbsam or ldapsam. smbpasswd is available for backwards
	# compatibility. tdbsam requires no further configuration.

	passdb backend = tdbsam

	# ----------------------- Browser Control Options ----------------------------
	#
	# set local master to no if you don't want Samba to become a master
	# browser on your network. Otherwise the normal election rules apply
	#
	# OS Level determines the precedence of this server in master browser
	# elections. The default value should be reasonable
	#
	# Preferred Master causes Samba to force a local browser election on startup
	# and gives it a slightly higher chance of winning the election
	; local master = no
	; os level = 33
	; preferred master = yes

	#----------------------------- Name Resolution -------------------------------
	# Windows Internet Name Serving Support Section:
	# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both
	#
	# - WINS Support: Tells the NMBD component of Samba to enable it's WINS Server
	#
	# - WINS Server: Tells the NMBD components of Samba to be a WINS Client
	#
	# - WINS Proxy: Tells Samba to answer name resolution queries on
	# behalf of a non WINS capable client, for this to work there must be
	# at least one WINS Server on the network. The default is NO.
	#
	# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names
	# via DNS nslookups.

	; wins support = yes
	; wins server = w.x.y.z
	; wins proxy = yes

	; dns proxy = yes

	# --------------------------- Printing Options -----------------------------
	#
	# Load Printers let you load automatically the list of printers rather
	# than setting them up individually
	#
	# Cups Options let you pass the cups libs custom options, setting it to raw
	# for example will let you use drivers on your Windows clients
	#
	# Printcap Name let you specify an alternative printcap file
	#
	# You can choose a non default printing system using the Printing option

	; load printers = yes
	cups options = raw

	; printcap name = /etc/printcap
	#obtain list of printers automatically on SystemV
	; printcap name = lpstat
	; printing = cups

	# --------------------------- Filesystem Options ---------------------------
	#
	# The following options can be uncommented if the filesystem supports
	# Extended Attributes and they are enabled (usually by the mount option
	# user_xattr). Thess options will let the admin store the DOS attributes
	# in an EA and make samba not mess with the permission bits.
	#
	# Note: these options can also be set just per share, setting them in global
	# makes them the default for all shares

	; map archive = no
	; map hidden = no
	; map read only = no
	; map system = no
	username map = /etc/samba/smbusers
	encrypt passwords = yes
	guest ok = yes
	; guest account = nobody
	; store dos attributes = yes

	#============================ Share Definitions ==============================

	[homes]
	comment = Home Directories
	browseable = no
	writable = yes
	valid users = %S
	; valid users = MYDOMAIN\%S

	[printers]
	comment = All Printers
	path = /var/spool/samba
	browseable = no
	; guest ok = no
	; writable = No
	printable = yes

	# Un-comment the following to provide a specific roving profile share
	# the default is to use the user's home directory
	; [Profiles]
	; path = /var/lib/samba/profiles
	; browseable = no
	; guest ok = yes


	# A publicly accessible directory, but read only, except for people in
	# the "staff" group
	; [public]
	; comment = Public Stuff
	; path = /home/samba
	; public = yes
	; writable = yes
	; printable = no
	; write list = +staff

	[downloads]
	path = /root/downloads
	writeable = yes
	browseable = yes
	valid users = root
	public = no